‘Tsunami’ Trojan for Mac OS X detected

A Trojan targeting computers running Mac OS X which can be used to launch DDoS (distributed denial-of-service) attacks on websites has been discovered.

The Tsunami backdoor Trojan, reported by Graham Cluley, senior technology consultant at security firm Sophos on the company’s Naked Security blog, gets its name from the DDoS tactic of flooding a website with traffic.

Once it has embedded itself on a computer, the Tsunami Trojan listens to an IRC (Internet Relay Chat) channel for further instructions. These instructions could be to send numerous requests to a particular web address to overload it with traffic, for example.

“The big question, of course, is how would this code find itself on your Mac in the first place? It could be that a malicious hacker plants it there, to access your computer remotely and launch DDoS attacks, or it may even be that you have volunteered your Mac to participate in an organised attack on a website,” said Cluley.

“But remember this – not only is participating in a DDoS attack illegal, it also means that you have effectively put control of your Mac into someone else’s hands. If that doesn’t instantly raise the hairs on the back of your neck, it certainly should.”

The Trojan originates from a family of malware that targeted the Linux OS and has been in circulation since 2002.

Experts at fellow security firm ESET warned: “In addition to enabling DDoS attacks, the backdoor can enable a remote user to download files, such as additional malware or updates to the Tsunami code. The malware can also execute shell commands, giving it the ability to essentially take control of the affected machine.”

Sophos’ Cluley advised all Mac users to use security software and to keep it up to date in order to protect from threats such as this one.